Commit 93e060d

Doc changes to collect unified audit logs for windows env for oracle otel app
1 parent 3291bb8 commit 93e060d

1 file changed

+16
-16
lines changed

docs/integrations/databases/opentelemetry/oracle-opentelemetry.md

Lines changed: 16 additions & 16 deletions
@@ -11,13 +11,15 @@ import TabItem from '@theme/TabItem';
1111

1212
<img src={useBaseUrl('img/integrations/databases/oracle.png')} alt="Thumbnail icon" width="100"/> <img src={useBaseUrl('img/send-data/otel-color.svg')} alt="Thumbnail icon" width="45"/>
1313

14-
The [Oracle](https://docs.oracle.com/database/121/CNCPT/intro.htm#CNCPT001) app is a logs and metrics based app. Preconfigured dashboards and searches provide insight into the listeners, sys/xml audit logs, alerts, performance, and security. It also gives insight around count of rollback, commits, transaction, process, session, hard parse, and DML locks.
14+
The [Oracle](https://docs.oracle.com/database/121/CNCPT/intro.htm#CNCPT001) app is a logs and metrics based app. Preconfigured dashboards and searches provide insight into the listeners, audit logs (traditional - sys/xml and unified), performance, and security. It also gives insight around count of rollback, commits, transaction, process, session, hard parse, and DML locks.
1515

1616
This app is tested with the following Oracle versions:
1717

1818
- Non-Kubernetes: Oracle Database 23 Release 23.4.0.24.05.
1919

20-
Oracle logs are sent to Sumo Logic through OpenTelemetry [filelog receiver](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/filelogreceiver) and metrics are collected through [Oracledb receiver](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/oracledbreceiver)
20+
Oracle logs like listner, alert and traditional audit logs (oracle version <= 19c) are sent to Sumo Logic through OpenTelemetry [filelog receiver](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/filelogreceiver) whereas unified audit logs (oracle version >= 21c) are collected through [syslog](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/syslogreceiver) for linux environment and [windowseventlog](https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/receiver/windowseventlogreceiver/) receiver for windows environment.
21+
22+
Metrics are collected through [Oracledb receiver](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/oracledbreceiver)
2123

2224
<img src='https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/Oracle-OpenTelemetry/Oracle-Schematics.png' alt="Schematics" />
2325

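Review bot: Added line 20 misspells "listener" as "listner" and writes "oracle", "linux" and "windows" in lower case, while the rest of the page capitalises "Oracle". The same line splits the receivers by "<= 19c" and ">= 21c", which leaves 20c unaddressed where the replaced wording elsewhere on the page said "below 21c"; pick one boundary and use it throughout. The syslog link uses /tree/main/ and the windowseventlog link uses /blob/main/ with a trailing slash; use one form. Added line 22 is missing its final period.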
@@ -64,15 +66,11 @@ If logging is not enabled, you can configure it by following the steps below.
6466
lsnrctl command [listener_name]
6567
lsnrctl set log_status on
6668
```
67-
- **Audit Log**. Traditional auditing is deprecated in Oracle Database 21c. If you are using version below 21c follow [this](https://docs.oracle.com/cd/E11882_01/server.112/e10575/tdpsg_auditing.htm#TDPSG50000) guide to enable Audit Logs. For version 21c and above, follow [this](https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/administering-the-audit-trail.html#GUID-662AA54B-D878-4B78-94D3-733256B3F37C) to enable exporting for unified audit trail through syslog for Oracle on Linux.
68-
69-
:::note
70-
Currently this app does not support collection of unified audit trail logs collected in Oracle on Windows as Windows event logs.
71-
:::
69+
- **Audit Log**. Traditional auditing is deprecated in Oracle Database 21c. If you are using version 19c or below follow [this](https://docs.oracle.com/cd/E11882_01/server.112/e10575/tdpsg_auditing.htm#TDPSG50000) guide to enable Audit Logs. For version 21c and above, follow [this](https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/administering-the-audit-trail.html#GUID-662AA54B-D878-4B78-94D3-733256B3F37C) to enable exporting for unified audit logs through syslog for Oracle on Linux and windows event logs for Oracle on Windows.
7270

7371
#### Verify local logs file directories and path
7472

75-
- **Oracle Alert Logs**. For 11g and later releases (12c, 18c, 19c). By default, Oracle logs are stored in
73+
- **Oracle Alert Logs**. For 11g and later releases (12c, 18c, 19c, 21c, 23c). By default, Oracle logs are stored in
7674
`$ORACLE_BASE/diag/rdbms/$DB_UNIQUE_NAME/$ORACLE_SID/trace/`. The default directory for log files is stored in `BACKGROUND_DUMP_DEST` parameter. You can query the value of `BACKGROUND_DUMP_DEST`, an initialization parameter, where you can find Oracle alert log by executing the command below:
7775
```sh
7876
SQL > show parameter background_dump_dest;
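Review bot: In added line 69 the link offered for "version 21c and above" points into the Oracle Database 19 documentation set (.../oracle-database/19/dbseg/administering-the-audit-trail.html), and the traditional-audit link goes to the 11.2 docs (server.112); link each to documentation matching the version range it is cited for, and replace the bare "this" link text with the guide's title. The line also removes the note that Windows collection was unsupported without saying what the reader has to configure for export to Windows event logs; add that step or a pointer to it. "windows event logs" should be "Windows event logs".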
@@ -82,7 +80,7 @@ If logging is not enabled, you can configure it by following the steps below.
8280
[oracle@sumolab alert]$ lsnrctl status
8381
```
8482
- **Oracle Audit Logs**.
85-
- **For Oracle version below 21c**. By default, Oracle logs are stored in
83+
- **For Oracle version 19c and below**. By default, Oracle logs are stored in
8684
```
8785
$ORACLE_BASE/app/oracle/admin/orcl/adump
8886
```
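Review bot: Added line 83 says "19c and below" while the Audit Log bullet changed in the previous hunk says "19c or below" and the overview uses "<= 19c"; settle on one phrasing across the page. The context path $ORACLE_BASE/app/oracle/admin/orcl/adump hard-codes the orcl directory name; since this bullet is being touched, consider marking it as an example value.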
@@ -92,7 +90,7 @@ If logging is not enabled, you can configure it by following the steps below.
9290
9391
The location of these logs will be required when you set up the app through the app catalog.
9492
95-
- **For Oracle version 21c and above**. Once unified audit trail is redirected to syslog, it will start getting written to destination set in `syslog.conf`.
93+
- **For Oracle version 21c and above**. Based on [Unified audit policy](https://docs.oracle.com/en/database/oracle/oracle-database/23/sqlrf/AUDIT-Unified-Auditing.html) configuered, audit logs exported will direclty be ingested to sumo using syslog or windows event log. For linux environment instead of redirecting audit logs to a file we need to directly redirect it to local port. In the next step, otel collector can be configured to listen to this port to send log to sumo.
9694
9795
#### Performance metrics script setup
9896
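Review bot: Added line 93 tells Linux users to "directly redirect it to local port" but, unlike the removed text that named `syslog.conf`, it no longer says where the redirection is configured, which protocol to use, or how the port is chosen; add the configuration step, and state that the port should be reachable only from the local host since it carries audit records. The line also has typos ("configuered", "direclty") and lower-case "sumo", "otel" and "linux".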
@@ -181,11 +179,13 @@ import SetupColl from '../../../reuse/apps/opentelemetry/set-up-collector.md';
181179
In this step, you will configure the yaml required for Oracle Collection.
182180
Below are the inputs required:
183181
184-
- **`Endpoint (no default)`**. Endpoint used to connect to the OracleDB server. Must be in the format of `host:port`.
185182
- **`Alert Logs`**. Path of the log file configured to capture oracle alert logs.
186183
- **`Listener Logs`**. Path of the log file configured to capture oracle listener logs .
187-
- **`Audit Logs`**. Path of the log file configured to capture oracle audit logs.
188-
- **`Performance metric script-based logs`**. Path of the log file configured to capture log generated through script.
184+
- **`Audit Logs`**.
185+
- For **Traditional Audit Logs** - Path of the log file configured to capture oracle audit logs.
186+
- For **Unified Audit Logs** - You need to select the OS where the oracle is setup - windows or linux. For Oracle on windows machine no parameter is required. Only respective event id will be ingested. For linux environment you need to give the **port** (configured in prerequisite steps for linux environment) where the syslog receiver should listen to, for sending the logs to sumo.
187+
- **`Performance metric script-based logs`**. Path of the log file configured to capture log generated through script can be configured in other logs.
188+
- **`Endpoint (no default)`**. Endpoint used to connect to the OracleDB server. Must be in the format of `host:port`.
189189
- **`username`**. Username for the OracleDB connection.
190190
- **`password`**. Password for the OracleDB connection. Special characters are allowed.
191191
- **`service`**. OracleDB Service that the receiver should connect to.
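Review bot: Added line 186 says "Only respective event id will be ingested" for Oracle on Windows without naming the event ID or the event log channel, so a reader cannot verify that collection works or that nothing else is picked up; state both. Added line 187 appends "can be configured in other logs" to the performance-script bullet, but "other logs" is not defined among the inputs listed here. "windows", "linux", "oracle" and "sumo" need capitalising in the added lines.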
@@ -321,8 +321,8 @@ sumo.datasource=oracle metric=oracledb.sessions.usage deployment.environment=*
321321
## Viewing Oracle dashboards
322322

323323
:::note
324-
- **Oracle - Sys Audit Log**, **Oracle - Sys Audit Log - Logon Analysis**, **Oracle - XML Audit Log - Logon Analysis**, and **Oracle - XML Audit Log - SQL Statement Analysis** dashboards will be populated only when collecting logs for Oracle database version below 21c.
325-
- **Oracle - Unified Audit Syslogs** dashboard will populate for audit log collected for Oracle database version 21c and above.
324+
- **Oracle - Sys Audit Log**, **Oracle - Sys Audit Log - Logon Analysis**, **Oracle - XML Audit Log - Logon Analysis**, and **Oracle - XML Audit Log - SQL Statement Analysis** dashboards will be populated only when collecting logs for Oracle database version 19c and below.
325+
- **Oracle - Unified Audit Syslogs** dashboard will populate for unified audit log collected for Oracle database version 21c and above.
326326
:::
327327

328328
### Overview
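Review bot: Added line 325 still ties the **Oracle - Unified Audit Syslogs** dashboard only to "version 21c and above" and does not say that it is also fed by Windows event logs, which is the purpose of this commit; name both sources here so that Windows users do not assume a syslog-named dashboard is not for them. "unified audit log collected" should read "unified audit logs collected".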
@@ -549,7 +549,7 @@ Recent Jobs in the database. A table of information about recent database jobs,
549549
### Unified Audit Syslog
550550

551551
<img src='https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/Oracle-OpenTelemetry/Oracle-Unified-Audit-Syslog.png' alt="Monitor Performance by DB Script" />
552-
See information derived from the syslog audit trail, including successful and failed activities, successful and failed logon attempts. In addition to this dashboard gives insight around logon status trend, top current and database users.
552+
See information derived from the syslog audit trail, including successful and failed activities, successful and failed logon attempts. In addition to this dashboard gives insight around logon status trend, top current and database users. This dashboard work with unified audit logs exported from both windows and linux environment.
553553

554554
### Performance Details
555555

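Review bot: Added line 552 keeps the opening "See information derived from the syslog audit trail" and then adds that the dashboard covers Windows as well, so the two sentences disagree about the data source; reword the opening to refer to the unified audit trail. "This dashboard work with" should be "This dashboard works with", and "In addition to this dashboard gives insight around" needs rewording. The image on context line 551 carries the alt text "Monitor Performance by DB Script", which does not describe this dashboard.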